
DRVDDLL.EXE

W32.Beagle.AP@mm is a mass-mailing worm that spreads via email, using its own SMTP engine. It copies itself as the following files: drvddll.exe; drvddll.exeopen; drvddll.exeopenopen; drvddll.exeopenopenopen.

Alias: I-Worm/Bagle.AB, Win32:Beagle-Z, Worm/Bagle.AA, Win32/Bagle.AB, W32/Bagle.aa @MM, W32.Beagle.X @mm, I-Worm.Bagle.z, Win32/Bagle.Z @mm, W32/Bagle-AA, Win32.Bagle.X

The email messages may also contain a malicious Visual Basic script. This script contains code that eventually builds the Win32 file WORM_BAGLE.Z and drops this worm in the current folder as "VSS_2.EXE". It uses its own Simple Mail Transfer Protocol (SMTP) engine to propagate. The email it sends out contains a message body only if its attachment is a password-protected .ZIP file. In its attempt to propagate via network shares, this worm drops copies of itself in folders that contain the string "shar" in their folder names.

This malware has backdoor capabilities. It listens on port 2535 for commands from a remote malicious user.
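As an added triage helper (not from the post or any vendor write-up), the script below checks a file listing and `netstat -an` style output against the indicators the post gives: the drvddll.exe self-copy names (generalised here to any number of "open" suffixes, which is an assumption beyond the four names listed), copies inside folders whose name contains "shar", and a TCP listener on port 2535. All sample input is constructed.

```python
import re
from typing import Dict, List

# Self-copy names from the post: drvddll.exe plus repeated "open" suffixes.
# Allowing any number of repetitions is an assumption, not stated in the post.
DROPPED_NAME = re.compile(r"^drvddll\.exe(?:open)*$", re.IGNORECASE)
BACKDOOR_PORT = 2535  # port the post says the backdoor listens on


def is_dropped_copy(path: str) -> bool:
    """True if the file's basename matches the worm's self-copy naming scheme."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return bool(DROPPED_NAME.match(name))


def in_share_like_folder(path: str) -> bool:
    """True if any folder component contains 'shar' (the share-spreading heuristic)."""
    folders = path.replace("\\", "/").split("/")[:-1]
    return any("shar" in f.lower() for f in folders)


def listening_on_backdoor_port(netstat_lines: List[str]) -> List[str]:
    """Return 'netstat -an' style lines with a TCP socket LISTENING on port 2535."""
    hits = []
    for line in netstat_lines:
        fields = line.split()
        if len(fields) >= 4 and fields[0].upper() == "TCP" and fields[3].upper() == "LISTENING":
            if fields[1].rsplit(":", 1)[-1] == str(BACKDOOR_PORT):
                hits.append(line.strip())
    return hits


def triage(paths: List[str], netstat_lines: List[str]) -> Dict[str, List[str]]:
    """Group the indicator matches so an analyst can see which ones fired."""
    return {
        "dropped_copies": [p for p in paths if is_dropped_copy(p)],
        "share_folder_copies": [p for p in paths if is_dropped_copy(p) and in_share_like_folder(p)],
        "backdoor_listener": listening_on_backdoor_port(netstat_lines),
    }


# Constructed sample input for the demo; not real forensic data.
SAMPLE_PATHS = [
    r"C:\WINDOWS\System32\drvddll.exe",
    r"C:\WINDOWS\System32\drvddll.exeopenopen",
    r"C:\Shared Docs\drvddll.exe",
    r"C:\WINDOWS\System32\drivers\etc\hosts",
    r"C:\Program Files\App\drvddll.exe.txt",  # near-miss, must not match
]
SAMPLE_NETSTAT = [
    "  TCP    0.0.0.0:135      0.0.0.0:0    LISTENING",
    "  TCP    0.0.0.0:2535     0.0.0.0:0    LISTENING",
    "  TCP    10.0.0.5:2535    10.0.0.9:80  ESTABLISHED",  # not a listener
]

if __name__ == "__main__":
    print(triage(SAMPLE_PATHS, SAMPLE_NETSTAT))
```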

